openSUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: openSUSE-RU-2022:0055-1 Rating: moderate References: #1029961 #1160414 #1178490 #1182653 #1195650 Affected Products: openSUSE Backports SLE-15-SP3 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for rsyslog fixes the following issues: - Upgrade to rsyslog 8.2106.0: * The prime new feature is support for TLS and non-TLS connections via imtcp in parallel. Furthermore, most TLS parameters can now be overriden at the input() level. The notable exceptions are certificate files, something that is due to be implemented as next step. * New global option "parser.supportCompressionExtension" This permits to turn off rsyslog's single-message compression extension when it interferes with non-syslog message processing (the parser subsystem expects syslog messages, not generic text) closes https://github.com/rsyslog/rsyslog/issues/4598 * imtcp: add more override config params to input() It is now possible to override all module parameters at the input() level. Module parameters serve as defaults. Existing configs need no modification. * imtcp: add stream driver parameter to input() configuration This permits to have different inputs use different stream drivers and stream driver parameters. * imtcp: permit to run multiple inputs in parallel Previously, a single server was used to run all imtcp inputs. This had a couple of drawsbacks. First and foremost, we could not use different stream drivers in the varios inputs. This patch now provides a baseline to do that, but does still not implement the capability (in this sense it is a staging patch). Secondly, we now ensure that each input has at least one exclusive thread for processing, untangling the performance of multiple inputs from each other. * tcpsrv bugfix: potential sluggishnes and hang on shutdown tcpsrv is used by multiple other modules (imtcp, imdiag, imgssapi, and, in theory, also others - even ones we do not know about). However, the internal synchornization did not properly take multiple tcpsrv users in consideration. As such, a single user could hang under some circumstances. This was caused by improperly awaking all users from a pthread condition wait. That in turn could lead to some sluggish behaviour and, in rare cases, a hang at shutdown. Note: it was highly unlikely to experience real problems with the officially provided modules. * refactoring of syslog/tcp driver parameter passing This has now been generalized to a parameter block, which makes it much cleaner and also easier to add new parameters in the future. * config script: add re_match_i() and re_extract_i() functions This provides case-insensitive regex functionality. - Upgrade to rsyslog 8.2104.0: * rainerscript: call getgrnam_r repeatedly to get all group members (bsc#1178490) * new built-in function get_property() to access property vars * mmdblookup: add support for mmdb DB reload on HUP * new contributed function module fmunflatten * test bugfix: some tests did not work with newer TLS library versions - Update 'remote.conf' example file to new 'Address' and 'Port' notation. (bsc#1182653) - Upgrade to rsyslog 8.2102.0: * omfwd: add stats counter for sent bytes * omfwd: add error reporting configuration option * action stats counter bugfix: failure count was not properly incremented * action stats counter bugfix: resume count was not incremented * omfwd bugfix: segfault or error if port not given * lookup table bugfix: data race on lookup table reload * testbench modernization * testbench: fix invalid sequence of kafka tests runs * testbench: fix kafkacat issues * testbench: fix year-dependendt clickhouse test - Upgrade to rsyslog 8.2012.0: * testbench bugfix: some tests did not work in make distcheck * immark: rewrite with many improvements * usability: re-phrase error message to help users better understand cause * add new system property $now-unixtimestamp * omfwd: add new rate limit option * omfwd bug: param "StreamDriver.PermitExpiredCerts" is not "off" by default - prepare usrmerge (bsc#1029961) - remove legacy stuff from specfile * sysvinit is not supported anymore, so remove all tests related to systemv in the specfile - Upgrade to rsyslog 8.2010.0: * gnutls TLS subsystem bugfix: handshake error handling * core/msg bugfix: memory leak * core/msg bugfix: segfault in jsonPathFindNext() when <root> not an object * openssl TLS subsystem: improvments of error and status messages * core bugfix: do not create empty JSON objects on non-existent key access * gnutls subsysem bugfix: potential hang on session closure * core/network bugfix: obey net.enableDNS=off when querying local hostname * core bugfix: potential segfault on query of PROGRAMNAME property * imtcp bugfix: broken connection not necessariy detected * new module: imhttp - http input * mmdarwin bugfix: potential zero uuid when reusing existing one * imdocker bugfix: build issue on some platforms * omudpspoof bugfix: make compatbile with Solaris build * testbench fix: python 3 incompatibility * core bugfix: segfault if disk-queue file cannot be created * cosmetic: fix dummy module name in debug output * config bugfix: intended warning emitted as error - Upgrade to rsyslog 8.2008.0 - Added custom unit file rsyslog.service because systemd service file was removed from upstream project - Use systemd_ordering instead of requiring to make rsyslog useable in containers. - Fix the URL for bug reporting, should not point to 'novell.com'. (bsc#1173433) - Add support for 'omkafka'. - Avoid build error with gcc flag '-fno-common'. (bsc#1160414) Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-55=1 - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-55=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): librdkafka-debugsource-0.11.6-1.8.1 librdkafka-devel-0.11.6-1.8.1 librdkafka1-0.11.6-1.8.1 librdkafka1-debuginfo-0.11.6-1.8.1 rsyslog-8.2106.0-4.13.1 rsyslog-debuginfo-8.2106.0-4.13.1 rsyslog-debugsource-8.2106.0-4.13.1 rsyslog-diag-tools-8.2106.0-4.13.1 rsyslog-diag-tools-debuginfo-8.2106.0-4.13.1 rsyslog-doc-8.2106.0-4.13.1 rsyslog-module-elasticsearch-8.2106.0-4.13.1 rsyslog-module-elasticsearch-debuginfo-8.2106.0-4.13.1 rsyslog-module-gcrypt-8.2106.0-4.13.1 rsyslog-module-gcrypt-debuginfo-8.2106.0-4.13.1 rsyslog-module-gssapi-8.2106.0-4.13.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.13.1 rsyslog-module-gtls-8.2106.0-4.13.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.13.1 rsyslog-module-mmnormalize-8.2106.0-4.13.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.13.1 rsyslog-module-mysql-8.2106.0-4.13.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.13.1 rsyslog-module-omamqp1-8.2106.0-4.13.1 rsyslog-module-omamqp1-debuginfo-8.2106.0-4.13.1 rsyslog-module-omhttpfs-8.2106.0-4.13.1 rsyslog-module-omhttpfs-debuginfo-8.2106.0-4.13.1 rsyslog-module-omtcl-8.2106.0-4.13.1 rsyslog-module-omtcl-debuginfo-8.2106.0-4.13.1 rsyslog-module-ossl-8.2106.0-4.13.1 rsyslog-module-ossl-debuginfo-8.2106.0-4.13.1 rsyslog-module-pgsql-8.2106.0-4.13.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.13.1 rsyslog-module-relp-8.2106.0-4.13.1 rsyslog-module-relp-debuginfo-8.2106.0-4.13.1 rsyslog-module-snmp-8.2106.0-4.13.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.13.1 - openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64): audacity-2.2.2-bp153.3.3.1 - openSUSE Backports SLE-15-SP3 (noarch): audacity-lang-2.2.2-bp153.3.3.1 References: https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1160414 https://bugzilla.suse.com/1178490 https://bugzilla.suse.com/1182653 https://bugzilla.suse.com/1195650